Supergood | SecureDocs API
Programmatically access SecureDocs virtual data rooms, documents, permissions, Q&A, and audit trails with a stable REST API. Supergood builds and operates production-grade, unofficial SecureDocs integrations so your team can automate diligence and compliance workflows without heavy custom engineering.
Plain English: SecureDocs is a virtual data room (VDR) for securely organizing and sharing sensitive documents during M&A, fundraising, audits, and other confidential processes. An unofficial API lets you pull room lists, users and permission groups, folders and documents (with versions, tags, and watermarks), Q&A threads, invitations, and detailed audit logs—and push uploads, invites, permission changes, and Q&A activity back into SecureDocs.
For a tech company integrating with SecureDocs, this means you can ingest real-time room and user data to power deal dashboards, sync document activity to a SIEM (e.g., Splunk), archive finalized rooms to object storage (e.g., AWS S3), automate redaction and tagging from your DMS, or enrich your platform with Q&A status and engagement metrics. You can also align access with your identity provider (e.g., Okta), trigger time-limited download links, enforce NDA gating consistently, and keep stakeholder systems (CRM, analytics, compliance) in lockstep.
What is SecureDocs?
SecureDocs (https://www.securedocs.com/) is a cloud VDR that centralizes secure document sharing, permissioning, and activity tracking for transactions and audits. Teams use SecureDocs to structure folders and documents, provision granular access and watermarks, manage Q&A between buy- and sell-side, enforce NDAs and two-factor authentication, and export comprehensive audit reports—all with simple, flat-rate pricing and unlimited users.
Core product areas include:
- Data Rooms and Organization (rooms, folders, documents, bulk upload, drag-and-drop)
- Security and Compliance (granular permissions, two-factor authentication, watermarking, NDA gating, SOC 2 controls)
- Collaboration (Q&A workflows, buyer/seller roles, request/response tracking)
- Access and Invitations (user provisioning, groups, role-based visibility, SSO/SAML)
- Reporting and Audit (activity logs, downloads/views tracking, exports)
Common data entities:
- Accounts/Organizations, Users, Roles/Permission Groups
- Data Rooms (metadata, status, owners, retention/policies)
- Folders and Documents (versions, tags, classification, checksums)
- NDA and Watermark Policies
- Invitations and Access Links (time-limited, IP constraints)
- Q&A Threads and Messages (categories, assignees, statuses)
- Audit Events (views, downloads, uploads, login, permission changes)
The SecureDocs Integration Challenge
SecureDocs is built for secure, portal-first workflows. Turning those into robust, API-driven automation is non-trivial:
- Permission complexity: Folder-level controls, buyer/seller roles, and group-based visibility require careful modeling
- Security-first features: Watermarking, NDA click-through, and time-limited download links must be respected programmatically
- Authentication challenges: SSO/SAML and MFA introduce headless automation hurdles
- Q&A nuances: Triage, redaction, and cross-team visibility differ by side and state
- Data exports: Teams often rely on manual CSV or bulk ZIP exports for audit records and archives; many report limited native automation and no public API
- Change detection: UI-driven updates and ephemeral URLs complicate reliable syncs at scale
How Supergood Creates SecureDocs APIs
Supergood reverse-engineers authenticated browser flows and network interactions to deliver a resilient API endpoint layer for your SecureDocs tenant.
- Handles username/password, SSO/SAML/OAuth, and MFA (SMS, email, TOTP) securely
- Maintains session continuity with automated refresh, download URL renewal, and change detection
- Normalizes responses so you can integrate once and rely on consistent objects across rooms, documents, Q&A, and audit logs
- Aligns with customer entitlements and role-based permissions to ensure compliant access and watermark/NDA policy enforcement
Use Cases
Deal and Stakeholder Data Sync
- Mirror rooms, users, and permission groups into your internal systems
- Keep room metadata, buyer lists, and group mappings current for analytics and compliance
- Map SecureDocs groups to Okta groups or CRM account teams
Document Lifecycle Automation
- Bulk-upload and classify documents from your DMS with tags and retention policies
- Apply consistent watermark and NDA settings programmatically
- Generate time-limited download links and archive finalized rooms to AWS S3
Q&A and Diligence Orchestration
- Create and triage Q&A threads from your product with SLA tracking
- Route questions by category to the right sell-side owners and manage visibility for buy-side groups
- Analyze response times, topics, and blockers across deals
Compliance and Audit Streaming
- Ingest detailed audit logs (views, downloads, permission changes) into Splunk or your SIEM
- Produce regulator-ready reports and immutable archives
- Monitor unusual access patterns with automated alerts
Available Endpoints
Authentication
POST /sessions: Establish a session using credentials. Supergood manages MFA (SMS, email, TOTP) and SSO/SAML/OAuth when enabled. Returns a short-lived auth token maintained by the platform.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/sessions \
--header 'Authorization: Basic <Base64 encoded token>' \
--header 'Content-Type: application/json' \
--data '{
"username": "[email protected]",
"password": "<password>",
"mfa": { "type": "totp", "code": "123456" }
}'
Example response
{
"authToken": "eyJhbGciOi...",
"expiresIn": 3600,
"user": {
"id": "usr_sd_2f9c1a",
"name": "Deal Admin",
"entitlements": ["rooms", "documents", "qna", "audit"]
}
}
POST /sessions/refresh: Refresh an existing token to keep sessions uninterrupted.
Data Rooms
GET /rooms: List data rooms with filters and summary details.
Query parameters
- status: open | closed | archived
- ownerCompanyId: string
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"roomId": "room_7a41d3",
"name": "Project Atlas - Sell Side",
"status": "open",
"ownerCompany": { "id": "co_1902", "name": "Acme Holdings" },
"ndaRequired": true,
"watermarkPolicy": "dynamic",
"qnaEnabled": true,
"totalDocuments": 1842,
"storageUsedMB": 9635.4,
"createdAt": "2026-01-05T15:12:03Z",
"updatedAt": "2026-01-21T18:30:11Z"
}
],
"page": 1,
"pageSize": 50,
"total": 1
}
Documents
GET /rooms/{roomId}/documents: List documents and folders with metadata and optional version details.
Query parameters
- folderId: string (optional)
- path: string (e.g., "/Financials/2024/")
- q: string full-text search
- tag: string
- includeVersions: boolean
- updatedFrom, updatedTo: ISO 8601 timestamps
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"documentId": "doc_51f8a0",
"name": "2024_Audited_Financials.pdf",
"path": "/Financials/2024/",
"folderId": "fld_aa21b2",
"sizeBytes": 2814432,
"version": 3,
"sha256": "a7b6...f9",
"tags": ["financials", "audit"],
"restrictedToGroups": ["Buyers_Team_A"],
"lastViewedAt": "2026-01-21T17:05:23Z",
"watermarked": true,
"downloadUrl": {
"url": "https://dl.supergood.ai/signed/...",
"expiresAt": "2026-01-21T18:05:23Z"
}
}
],
"page": 1,
"pageSize": 100,
"total": 1
}
Uploads
POST /rooms/{roomId}/uploads: Initiate a secure document upload with tags and access controls.
curl --request POST \
--url https://api.supergood.ai/integrations/<integration_id>/rooms/room_7a41d3/uploads \
--header 'Authorization: Bearer <authToken>' \
--header 'Content-Type: application/json' \
--data '{
"parentFolderId": "fld_aa21b2",
"fileName": "Vendor_Contracts_Q1.zip",
"sizeBytes": 104857600,
"sha256": "3c1b...92",
"tags": ["contracts", "q1"],
"visibleToGroupIds": ["Sellers_Internal", "Buyers_Team_A"],
"watermarkPolicy": "dynamic",
"referenceId": "dms-78421"
}'
Example response
{
"uploadId": "upl_0f92b4",
"uploadToken": "upl_tok_3a1...",
"uploadUrl": "https://upl.supergood.ai/presigned/...",
"maxPartSizeBytes": 5242880,
"expiresAt": "2026-01-21T20:00:00Z"
}
Audit Events
GET /rooms/{roomId}/audit-events: Retrieve normalized activity logs for compliance and analytics.
Query parameters
- actorId: string
- action: view | download | upload | invite | permission_change | login | qna_question | qna_answer
- targetType: document | folder | room | user
- from, to: ISO 8601 timestamps
- ipCountry: string (e.g., "US")
- page, pageSize: integers for pagination
Example response
{
"items": [
{
"eventId": "aud_f18a02",
"timestamp": "2026-01-21T17:06:33Z",
"actor": { "id": "usr_sd_77c100", "name": "Buyer Analyst" },
"action": "download",
"target": { "type": "document", "id": "doc_51f8a0", "name": "2024_Audited_Financials.pdf" },
"ip": "203.0.113.54",
"ipCountry": "US",
"userAgent": "Mozilla/5.0 ...",
"metadata": { "watermarked": true, "viaLink": false }
}
],
"page": 1,
"pageSize": 100,
"total": 1
}
Technical Specifications
- Authentication: Username/password with MFA (SMS, email, TOTP) and SSO/SAML/OAuth where enabled; supports service accounts or customer-managed credentials
- Response format: JSON with consistent resource schemas and pagination across rooms, documents, Q&A, and audit logs
- Rate limits: Tuned for enterprise throughput while honoring customer entitlements and usage controls
- Session management: Automatic reauth, cookie/session rotation, and signed URL refresh with health checks
- Data freshness: Near real-time retrieval of rooms, document inventories, Q&A updates, and audit events
- Security: Encrypted transport, scoped tokens, and audit logging; respects SecureDocs role-based permissions, NDA gates, and watermark policies
- Webhooks: Optional asynchronous delivery for long-running workflows (e.g., room archives, bulk uploads, Q&A responses)
Performance Characteristics
- Latency: Sub-second responses for list/detail queries under normal load
- Throughput: Designed for high-volume document indexing, audit streaming, and Q&A processing
- Reliability: Retry logic, backoff, and idempotency keys minimize duplicate actions and handle transient link expirations
- Adaptation: Continuous monitoring for UI/API changes with rapid adapter updates
Getting Started
- Schedule Integration Assessment
Book a 30-minute session to confirm your modules, licensing, and authentication model.
- Supergood Builds and Validates Your API
We deliver a hardened SecureDocs adapter tailored to your workflows and entitlements.
- Deploy with Monitoring
Go live with continuous monitoring and automatic adjustments as SecureDocs evolves.
Frequently Asked Questions
Q: Which SecureDocs modules can this integration cover?
Supergood supports workflows across commonly used modules such as Rooms and Organization (rooms, folders, documents), Collaboration (Q&A), Access and Invitations (users, groups, permissions), and Reporting/Audit (activity logs), subject to your licensing and entitlements. We scope coverage during integration assessment.
Q: How are MFA and SSO handled for automation?
We support username/password + MFA (SMS, email, TOTP) and can operate behind SSO/SAML/OAuth when enabled. Sessions and signed download links are refreshed automatically with secure challenge handling.
Q: Can you export full audit logs and Q&A for our compliance and analytics teams?
Yes. We normalize audit events (views, downloads, permission changes, logins, Q&A actions) and can stream them to your SIEM (e.g., Splunk) or deliver periodic exports. Q&A threads, messages, and attachments can be synced with role-aware visibility.
Q: How do you handle bulk uploads, watermarks, and NDA gating?
Uploads support checksum validation, chunked transfer for large files, tag and policy assignment, and group visibility. We enforce watermark and NDA settings consistent with your SecureDocs configuration and limit downloads to signed, time-bound URLs.
Related Integrations
Intralinks API - Programmatically access Intralinks VDR workflows with Supergood
Ready to automate your SecureDocs workflows?
Supergood can have your SecureDocs integration live in days with no ongoing engineering maintenance.
